A virtual private network (VPN) provider could be keeping details about its users it claims not to have.
PureVPN’s information has been used in an investigation into a case which led to the arrest of a man in Massachusetts on Friday. A 24-year-old named Ryan Lin was arrested for cyberstalking his ex-roommate, Jennifer Smith, and information from PureVPN was used to help bring the arrest about.
“We Do Not monitor user activity nor do we keep any logs,” the company’s privacy policy states. “We therefore have no record of your activities such as which software you used, which websites you visited, what content you downloaded, which apps you used, etc. after you connected to any of our servers.”
But it seems PureVPN does keep logs. An affidavit uploaded by The Register details information given by an FBI special agent detailing his investigation into the cyberstalking, which started in April 2016.
As part of the evidence, logs from PureVPN were used to link Lin to a fake email account under the name ‘Ashley Plano’, to allow him to communicate with his victim and send abusive messages.
Lin and Smith met last year when he moved into her shared house, after finding the advert online. Soon after they met he began to harass her by reading her online journal, flushing medication away and even hacking into her computer when she was not in the house.
Smith moved out of the house less than two months after Lin moved in, and Lin was evicted in July. However, Lin continued to harass her by attempting to contact her online, cyberstalking her friends, and emailing sexually explicit photographs taken from her online journal.
Lin used a fake email address to set up an account with Rover, an anonymous texting service, and sent messages to Smith about having an abortion.
“Eecords from PureVPN show that the same email accounts–Lin’s gmail account and the teleportfx gmail account–were accessed from the same WANSecurity IP address,” the document says.
“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time.”
It also seems Lin was aware the VPN provider might be holding records, despite saying otherwise. The document describes a Tweet from Lin’s account that read “there’s no such thing as a VPN that doesn’t keep logs. If they can limit your connections or track bandwith usage, they keep logs.”
While the logs of Lin’s account were used for a good reason, to bring justice, it suggests that the company’s promises may not be all they seem.
“For PureVPN to deceive customers into believing they hold some level of anonymity online, while secretly logging their actions, is criminal,” said Bryan Clark, in The Next Web.
Alphr has contacted PureVPN for a comment on the issue but had received no response at the time of writing.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
